
Paper Title

Detecting Anomaly Intrusions in Digital Network Traffic Using Machine Learning Approach

Keywords

  • attack
  • anomaly detection
  • classification
  • intrusion detection system
  • machine learning

Article Type

Research Article

Journal

Journal of Systems Engineering and Electronics

Issue

Volume : 34 | Issue : 8 | Page No : 204-220

Published On

August, 2024

Abstract

The main goal of organizations is to secure their networks from attacks. This requires network administrators to implement different IDSs to monitor network traffic for unauthorized and malicious activities. The detection of malicious activities is of two types: (i) misuse IDSs and (ii) anomaly-based IDSs. A misuse IDS is a signature-based IDS that can detect known attacks efficiently based on hard-coded signatures stored in the signature list. Misuse techniques have the advantage of a low false positive rate. However, they suffer from a high false negative rate due to their sensitivity to any simple variation in the stored signatures. In such cases, the variations can be considered as an attack. A misuse IDS fails to detect unknown and zero-day attacks, because they are unavailable in the stored signatures. Because of this, the focus of many researchers is currently on anomaly detection to overcome the limitations of signature-based IDSs in detecting new attacks. Artificial intelligence, specifically machine learning methods, has been used to develop an effective data-centric intrusion detection system. In most anomaly-based approaches, the detection rate is low, the training time is high and the false alarm rate (FAR) is high. To solve these problems, we experimented with three well-known ML algorithms, namely Random Forest, K-nearest neighbor and Deep Neural Network, and used the UNSW-NB15 network traffic dataset. The findings show that the RF classifier is better than the alternative methods in detecting whether the data traffic is normal or attack. With this, RF achieved a classification accuracy of 97.57%, a detection rate of 97.53%, and 2.35%, with a training time of 8.34 sec in binary classification, and a classification accuracy of 80.76% in ten-class classification.
